Industry Best Practices for Backup Infrastructure Recovery from Ransomware Attacks

Backup Recovery Systems and Architecture

By Presidio Insight Blog Security November 25, 2020

Over the last six months, Ransomware attacks have grown significantly using common vectors such as Social Engineering, Malware, and Phishing. Customers know that their data is the most important asset they have, and that they need to do everything possible to secure it.

Despite this imposing threat, many problems exist with backup and security architecture. Organizations today tend not to invest heavily in their backup architecture because they believe it’s not that critical to the business — when, in fact, backup, just like insurance, is vital to the business’s overall success.

Many backup environments are architected to create a set of secondary copies of business data. However, what is missing from this architecture is a review of where that secondary copy resides. Presidio has reviewed many backup solutions and found numerous problems, including:
• Backup architecture uses the same credential repository as the production architecture.
• Backup data repository allows changes in data stored.
• Backup network is not logically separate from the production network.
• There is no testing of backups against recovery time and recovery point objectives.

Organizations build their backup infrastructure with the belief that it only needs to provide a secondary copy of its data; thus, data lost from hardware failure or simple data corruption can typically be recovered, but not data lost from complete data unavailability as a result of a Ransomware attack. In this blog, we aim to provide some industry best practices around the backup infrastructure needed to recover from a Ransomware attack.

Traditional backup and recovery architecture doesn’t cut it anymore. To architect a backup infrastructure that is Ransomware-resilient, a few things need to happen. The first thing a customer needs to think about is the need for an immutable copy of their data to recover. The copy needs to be in an isolated domain. Traditional security architectures have not kept up with the workforce changes that have been accelerated by the COVID-19 pandemic.

Workforces were already increasingly mobile, utilizing cloud services for critical business tasks and functioning outside the traditional firewalled office environment. To protect critical business systems, security controls need to be ubiquitous throughout an organization and provide protection, whether the end-users are working from home or they’ve returned to the office.

How is Presidio helping customers with Ransomware attacks?
Presidio is assisting clients today with transforming their businesses and maintaining security by working with them every step of the way. The Presidio experts help customers with designing an appropriate security architecture, applying the correct controls to meet their needs, and validating that the controls are effective.

For more information or to schedule a Ransomware workshop, please contact our security team.

Presidio

+ posts

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_111355416_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's pageview limit.
_hjIncludedInSessionSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's daily session limit.
_hjTLDTest	session	Hotjar test cookie to check the most generic cookie path it should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
oktgid	1 year	This cookie is used for storing the visitor ID of the user who clicked on an okt.to link.
oktsid	session	This cookie is used for storing the session ID of the user who clicked on an okt.to link.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages.

Cookie	Duration	Description
__gwtCookieCheck	session	This cookie is used to check if the visitors' browser supports cookies.
AnalyticsSyncHistory	1 month	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
li_gc	2 years	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
UserMatchHistory	1 month	LinkedIn - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Industry Best Practices for Backup Infrastructure Recovery from Ransomware Attacks

Presidio

BRID GRAHAM

MICHAEL KELLY

KEVIN FLEURIE

WAHEED CHOUDHRY

BRYAN CALDER

KEVIN WATKINS

JENNIFER JACKSON

ROBERT KIM

SHARAN GURUNATHAN

MANNY KORAKIS

JUSTIN FILIA

GOPINATHAN PANDURANGAN

STEVEN PALMESE

CHRIS CAGNAZZI

Dan O’Brien

VINCENT TRAMA

ELLIOT BRECHER

BARBARA ROBIDOUX

Please select your venue city and
complete registration form below.

Please complete registration
form below.

Dave Hart

CHRIS BARNEY

JOHN HANLON

Greg Hedrick

Courtney Washington

CHRISTINE KOMOLA

VINU THOMAS

JULIETTE AUSTIN